#general

yuvalapidot

01/27/2019, 3:09 PM
Hey all, I have some questions regarding the watchdog: How can I monitor the activity of osquery's watchdog on my endpoints? I am querying many queries from my Macs; however, some queries seem not to be reported, and I wonder if it is due to the watchdog. Is there a way to monitor it? I tried querying the `osquery_schedule` table, where I can see the `blacklisted` column, which I assume, if it is `1`, means that the watchdog had stopped it the time before, but is this the only indication of the watchdog stopping a query? Lastly, is the watchdog killing osquery when all queries are using too many resources, or is it stopping a specific query that is using too many resources? In other words, are other queries which are frequently scheduled with a large query in danger of being aborted?

钢铁侠

01/28/2019, 5:20 AM
I think the watchdog will kill the osquery